Table of Contents / General |
| OWASP page on Application Threat Modeling | | | |
| OpenSAMM Threat Assessment | | | |
| Microsoft threat modeling posts | | | |
Table of Contents / Data Flow Diagrams |
| Presentation (PDF) with very good introduction to DFDs | | | |
| DFD Example and explanation | | | |
| graphviz | | | |
| draw.io | | | |
| TikZ | | | |
Table of Contents / Threat Enumeration |
| STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of Privilege) | | | |
| Attack Trees | | | |
Table of Contents / Prioritization Methodologies |
| DREAD (Damage, Reproducibility, Exploitability, Affected users, Discoverability) | | | |
Table of Contents / Conference Talks |
| Rapid Threat Modeling | | | Akshay Aggarwal - Blackhat USA (2005) |
| Part 1 | | | Elevation of Privilege: The easy way to threat model and - Adam Shostack - Blackhat (2010) |
| Threat Modeling Best Practices | | | Robert Zigweid - AppSecUSA (2010) |
| Threat Modeling: Lessons from Star Wars | | | Adam Shostack - Brucon (2014) |
| Incremental Threat Modeling | | | Irene Michlin - AppSecEU (2017) |
| Threat Modeling with PASTA | | | Tony UcedaVelez - AppSecEU (2017) |
| Value Driven Threat Modeling | | | Avi Douglen - AppSecUSA (2018) |
| Threat Modeling Toolkit | | | Jonathan Marcil - AppSecCali (2018) |
| Lessons From The Threat Modeling Trenches | | | Brook Schoenfield - AppSecCali (2018) |
| Threat Model as Code | | | Abhay Bhargav - AppSecUSA (2018) |
| Threat Modeling at speed and scale | | | Stuart Winter-Tear - DevSecCon London (2018) |
| Threat Modeling: uncover vulnerabilities without looking at code | | | Chris Romeo - NDC (2018) |
| Threat Modeling in 2018 | | | Adam Shostack - Blackhat USA (2018) |
| Threat Modeling in 2019 | | | Adam Shostack - RSA Conference (2019) |
| Offensive Threat Models Against the Supply Chain | | | Tony UcedaVelez - AppSecCali (2019) |
| Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team | | | Izar Tarandach - AppSecCali (2019) |
| Game On! Adding Privacy to Threat Modeling | | | Adam Shostack, Mark Vinkovits - AppSecCali (2019) |
| Adaptive Threat Modeling | | | Aaron Bedra - GOTO Chicago (2017) |
Table of Contents / Books |
| Threat Modeling: Designing for Security | | | Shostack, |
| Guide to Data-Centric System Threat Modeling | | | NIST, |
Table of Contents / Tools |
| Microsoft TMT | | | |
| OWASP Threat Dragon | | | |
| Mozilla Seasponge | 278 | over 6 years ago | |
| IriusRisk | | | |
| eramba | | | |
| Elevation of Privilege (EoP) Threat Modeling Card Game | | | |
| Threat Playbook | | | |
| pytm | 919 | 10 days ago | |
| ThreatSpec | | | |
| Threat Model SDK | 79 | almost 2 years ago | |
| TaaC-AI | 114 | 6 months ago | |
awesome-threat-modeling 
sbilly/awesome-security